Saturday, February 19, 2011

Microsoft Windows flaw: don't worry

Microsoft played down the threat to Windows users from a recently revealed vulnerability, saying that it was unlikely that the bug could be exploited to compromise a computer.

The defect is in the Windows Server Message Block (SMB) network file-sharing protocol and was disclosed Monday by someone identified only as "Cupidon-3005" on the Full Disclosure security mailing list. Cupidon-3005 posted proof-of-concept code to the list.

French and Danish researchers said that an attacker may be able to exploit this bug to hijack Windows PCs.

Last week, Microsoft said that was not so.

"Based on our initial investigation, this vulnerability cannot be exploited for remote code execution (RCE) on 32-bit platforms," said Jerry Bryant, a general manager in the Microsoft Security Response Center (MSRC). "We are studying the possibility of code execution on 64-bit platforms, but so far have not found a likely scenario that would result in reliable code execution."

An attack that exploits the SMB bug would instead result in a "denial of service," said Bryant, using the term that describes a Windows crash that requires rebooting the PC. Windows crashes often inform users of the dire situation with the infamous "blue screen of death."

In an explanatory blog post, MSRC engineer Mark Wodrich echoed Bryant's take on the likelihood of remote code execution, saying that it was impossible on 32-bit versions of Windows due to memory limitations, and feasible on 64-bit Windows only if more than 8 GB of memory was present.

Even then, said Wodrich, "we feel that triggering any such timing condition reliably will be very difficult."

HD Moore, head of security at Rapid7 and the creator of the open-source Metasploit penetration toolkit, agreed.

"We have not seen any solid examples of code execution, even if it turns out to be possible," Moore said in an e-mail reply to questions Wednesday. He added that a Metasploit researcher was also looking at the bug and the attack code published by Cupidon-3005 to see whether it could be turned into a reliable exploit for Metasploit.

All versions of Windows contain the bug, said Wodrich, but servers running as the primary Domain Controller (PDC)--the system that controls the network domain--are more vulnerable.

Microsoft's exploitability index gave the vulnerability a score of "3", which means that the company does not expect reliable attack code to appear in the next 30 days.

Some researchers criticized Microsoft for playing down the threat.

"Microsoft is now calling any hard-to-exploit vulnerability (e.g., SMB) a 'Denial of Service'! What's next?" asked the French firm Vupen Security in a tweet earlier today.

"Have been doing this forever, MSRC is about managing PR incidents, improves safety," said Tavis Ormandy in a reply to Vupen's tweet.

Ormandy, a Google security engineer, has butted heads with Microsoft before, especially last summer, when he released exploit code for a bug in the Windows Help and Support Center after he said Microsoft had refused to set a patch deadline.

Microsoft's Bryant said MSRC researchers will investigate the bug and that the company will release a patch or workaround to protect users.

Although the next scheduled Patch Tuesday is three weeks away, it is unlikely that a fix will be delivered then unless a large number of in-the-wild attacks exploiting the vulnerability appear.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.

For more enterprise computing news, visit Computerworld. Story copyright © 2010 Computerworld Inc. All rights reserved.
